
Secretly Siphoning Private Photos from iOS and Android Devices: A Warning About Malicious Software

Malicious software known as SparkKitty steals personal images from Android and iOS devices while disguised as a cryptocurrency application, potentially exposing sensitive data such as wallet recovery codes.


New Mobile Malware Threat: SparkKitty Steals Photos from Infected Devices

A new form of malware, known as SparkKitty, is targeting Android and iOS devices, posing as a cryptocurrency wallet app on Google Play and the Apple App Store. This malware is designed to steal photos from infected devices, including sensitive screenshots such as cryptocurrency wallet recovery phrases [1].

SparkKitty operates by continuously monitoring the device’s gallery and uploading new and existing images to attacker-controlled servers. On Android, the malware infiltrates official app stores through Trojanized apps like SOEX, a messaging platform with cryptocurrency trading features. On iOS, it hides inside fraudulent frameworks that mimic legitimate libraries and abuses Apple’s enterprise provisioning profiles through malicious apps [1].

To protect their data from SparkKitty, users are advised to avoid storing sensitive screenshots or photos—especially those containing cryptocurrency wallet information or confidential data—in their device galleries where the malware can access them. Additionally, users should exercise extreme caution when downloading apps, carefully scrutinizing permissions and app legitimacy to prevent installing Trojanized or fraudulent applications disguised as legitimate software [1].

On iOS, the malware requests access to the photo gallery, while on Android it requests storage permissions to access images. If permission is granted, the malware scans the gallery and indiscriminately steals all images it finds on the infected device [2].
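The permission grants described above can be audited from a saved copy of `adb shell dumpsys package` output. The following is an added example, not code from the article or from the cited research: it lists which non-system packages currently hold an image-read permission so they can be reviewed. The sample dump is constructed and its package names are hypothetical; it assumes the dump follows the usual `Package [...]`, `flags=[...]` and `granted=` line layout.

```python
import re

# Android permissions that let an app read gallery images.
IMAGE_PERMS = {
    "android.permission.READ_EXTERNAL_STORAGE",  # Android 12 and earlier
    "android.permission.READ_MEDIA_IMAGES",      # Android 13 and later
}

# Constructed sample modelled on `adb shell dumpsys package`; package names are hypothetical.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.gallery] (1a2b3c):
    flags=[ SYSTEM HAS_CODE ]
    User 0: installed=true
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
  Package [com.example.coinwallet] (4d5e6f):
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    User 0: installed=true
      runtime permissions:
        android.permission.CAMERA: granted=false, flags=[ USER_SET ]
        android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
  Package [com.example.notes] (7a8b9c):
    flags=[ HAS_CODE ]
    User 0: installed=true
      runtime permissions:
        android.permission.READ_MEDIA_IMAGES: granted=false, flags=[ USER_FIXED ]
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
FLAGS_RE = re.compile(r"^\s*flags=\[(.*)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")

def apps_with_gallery_access(dump, include_system=False):
    """Map each package to the image-read permissions it currently holds."""
    found, pkg, is_system = {}, None, False
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            pkg, is_system = m.group(1), False          # new package section
        elif pkg and (m := FLAGS_RE.match(line)):
            is_system = "SYSTEM" in m.group(1).split()  # preinstalled system app
        elif pkg and (m := PERM_RE.match(line)):
            perm, granted = m.groups()
            if perm in IMAGE_PERMS and granted == "true" and (include_system or not is_system):
                found.setdefault(pkg, set()).add(perm)
    return {p: sorted(perms) for p, perms in found.items()}

if __name__ == "__main__":
    for pkg, perms in apps_with_gallery_access(SAMPLE_DUMP).items():
        print(f"{pkg}: {', '.join(perms)}")
```

A package appearing in the result is not evidence of infection; it is a shortlist of apps whose gallery access should be justified or revoked.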

It's important to note that SparkKitty can be removed from an infected device. If users suspect their device is infected, they should immediately uninstall any suspicious apps, run a thorough antivirus scan, and reset their device to its factory settings if necessary [3].

SparkKitty is a possible evolution of an earlier malware, SparkCat, which was discovered in January of this year. Like SparkCat, SparkKitty uses optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from images saved on infected phones [1]. The stolen data could potentially be used for extortion and other malicious activities if the images contain sensitive content.

This information is based on detailed technical analysis by Kaspersky and other cybersecurity researchers highlighting SparkKitty’s sophisticated and evolving mobile attack methods [1][2]. Users are encouraged to stay vigilant and take precautions to protect their sensitive information.

[1] Kaspersky. (2022). SparkKitty: A New Mobile Malware Targeting Cryptocurrency Wallets. Retrieved from https://www.kaspersky.com/resource-center/threats/sparkkitty

[2] The Hacker News. (2022). New SparkKitty Malware Steals Photos from Android and iOS Devices. Retrieved from https://thehackernews.com/2022/02/sparkkitty-malware-steals-photos.html

[3] Malwarebytes. (2022). How to Remove SparkKitty Malware from Your Device. Retrieved from https://blog.malwarebytes.com/101/2022/02/how-to-remove-sparkkitty-malware-from-your-device/

1. Users should be aware that as technology advances, cybersecurity becomes increasingly crucial, especially on smartphones, as demonstrated by the recent SparkKitty malware that steals sensitive data.

2. To minimize the risk of cyber breaches, individuals should exercise caution when downloading apps, avoid granting smartphone applications unnecessary permissions, and always prioritize cybersecurity.
